SFTP to a host that can only be connected through SSH Bastion in Windows (Putty)


You can use port forwarding for this.

Let's say the machine you can connect to is on 88.88.88.88 and that is the public address of your server on 10.8.8.8. The machine you want to get to is on 10.8.8.9.

You connect to the first machine with ssh, and set up a port forward to the next. I'll show the command line way so that you can see how it works:

ssh -L2222:10.8.8.9:22 [email protected]

So this is doing a standard login to 88.88.88.88 but the -L switch is saying "set up port 2222 on my local machine, and anything that goes to it should be tunnelled to 88.88.88.88 and from there sent on to 10.8.8.9 on port 22"

So now you can do this on the same machine you ran the first command from, and it will connect through to the internal machine (just do the equivalent in your sftp client):

sftp -P 2222 127.0.0.1

To set up the port forward in PuTTY, go to the ssh / tunnels part of the session setup.

Put 2222 in the source port, and put 10.8.8.9:22 in the destination, make sure local is selected, and click add.

Note that you can change these settings during an established ssh session. So if you need another port forward you can add it here and it takes effect immediately, no need to disconnect and reconnect.
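
A scripted form of the steps in the answer above, for the OpenSSH client (added example, not part of the original answer; the `user` name, the control-socket path and the function names are assumptions). It binds the forward to loopback only, fails if the forward cannot be set up, and gives a way to close the tunnel afterwards.

```shell
#!/usr/bin/env bash
# Added example: scripted bastion port forward. Addresses are the ones used in
# the answer; the user name and socket path are placeholders.
BASTION="${BASTION:-user@88.88.88.88}"       # public address of the bastion
TARGET="${TARGET:-10.8.8.9}"                 # internal machine behind it
LPORT="${LPORT:-2222}"                       # local end of the tunnel
CTL="${CTL:-$HOME/.ssh/tunnel-$LPORT.sock}"  # control socket used to close it

# Print a -L argument bound to loopback only, or fail on a bad port.
forward_spec() {
    local lport="$1" host="$2" rport="$3" p
    for p in "$lport" "$rport"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # An explicit 127.0.0.1 keeps the listener off other interfaces even if
    # GatewayPorts is enabled in the client configuration.
    printf '127.0.0.1:%s:%s:%s\n' "$lport" "$host" "$rport"
}

open_tunnel() {
    local spec
    spec=$(forward_spec "$LPORT" "$TARGET" 22) || return 1
    # -f -N: authenticate, then go to the background without a remote shell.
    # ExitOnForwardFailure: exit instead of running without the forward.
    ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes -L "$spec" "$BASTION"
}

# Ask the background ssh process to exit, which removes the local listener.
close_tunnel() { ssh -S "$CTL" -O exit "$BASTION"; }

# Usage (nothing runs when this file is sourced):
#   open_tunnel && sftp -P "$LPORT" -o HostKeyAlias="$TARGET" user@127.0.0.1
#   close_tunnel
```

`HostKeyAlias` stores and checks the internal machine's host key under its own name rather than under `[127.0.0.1]:2222`, so a later tunnel to a different machine on the same local port does not produce a host key mismatch.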


Author: Atif

I manage engineering teams at .com Know more about me at Atif.work. I am available through Linkedin for networking.

Updated on September 18, 2022

Comments

  • Atif
    Atif over 1 year

    I don't even know how to explain this and the title might also be incorrect. But this is what I am trying to do,

    I use an SFTP plugin for Sublime Text which connects to my dev machine (let's call it D) and syncs the files on save.

    When I am working from home, I cannot connect to my dev machine due to obvious security reasons. I have to connect to a bastion host (let's call it S) and then from S I have to ssh to D. This is cool, now I can run commands and use Vim.

    However, is there a way I could open up the SFTP port for my local machine to connect or the plugin to work? I think it's called SSH Tunnel but I am not sure how to do it.

    The plugin makes use of Putty and Pageant (for ssh key) to connect/sync files.

    Any help will be greatly appreciated.

  • Atif
    Atif over 9 years
    Awesome thank you. So after running the ssh command, I go back to the sublime plugin and change the hostname from remote host to 127.0.0.1 and port to 2222 ?
  • Atif
    Atif over 9 years
    @MartinPrikryl I think Putty in my question was a little misleading. I corrected it.
  • Atif
    Atif over 9 years
    @Paul I get this error when I try to run the forwarding command [email protected]'s password: Permission denied (publickey,password,keyboard-interactive). Although I am 100% sure the password I entered was correct.
  • Paul
    Paul over 9 years
    @AtifMohammedAmeenuddin Sorry, I am not following this - where does the 10.196.x.x address come into it? The first ssh connection will be to a public address, the second sftp to the localhost 127.0.0.1
  • Atif
    Atif over 9 years
    Sorry, let me clear it up a bit. I made the first ssh connection, which worked fine. Then I ran the ssh command to the actual host from inside the bastion host. It keeps asking me for a password and then shows that error [email protected]'s password: The 88.88.88.88 is a Windows machine. Could that be the reason?
  • Paul
    Paul over 9 years
    @AtifMohammedAmeenuddin Both connections above originate from the first machine - the one external to the network you are connecting to.
  • Atif
    Atif over 9 years
    Still the same problem. I get a long warning message ****USAGE WARNING**** this is a personal computer bla bla bla .. and then it says [email protected]'s password:
  • Atif
    Atif over 9 years
    Haha yes. Well, actually it worked. For some reason I'm getting that error (maybe company's policies). But when I went into my text editor and replaced the SFTP settings with 127.0.0.1 and port 2222, it worked. Thanks a lot pal!